forked from ungleich-public/cdist
Merge branch '__acl_improvements_vol2' into 'master'
__acl improvements vol 2 See merge request ungleich-public/cdist!780
This commit is contained in:
commit
bd27d432b1
3 changed files with 26 additions and 45 deletions
|
@ -18,7 +18,7 @@
|
|||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
[ ! -e "/$__object_id" ] && exit 0
|
||||
# TODO check if filesystem has ACL turned on etc
|
||||
|
||||
for parameter in user group
|
||||
do
|
||||
|
@ -40,7 +40,8 @@ do
|
|||
|
||||
if ! getent "$getent_db" "$check" > /dev/null
|
||||
then
|
||||
echo "missing $parameter '$check'"
|
||||
echo "missing $parameter '$check'" >&2
|
||||
exit 1
|
||||
fi
|
||||
done \
|
||||
< "$__object/parameter/$parameter"
|
|
@ -20,15 +20,7 @@
|
|||
|
||||
file_is="$( cat "$__object/explorer/file_is" )"
|
||||
|
||||
[ "$file_is" = 'missing' ] && exit 0
|
||||
|
||||
missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
|
||||
|
||||
if [ -n "$missing_users_groups" ]
|
||||
then
|
||||
echo "$missing_users_groups" >&2
|
||||
exit 1
|
||||
fi
|
||||
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
|
||||
|
||||
os="$( cat "$__global/explorer/os" )"
|
||||
|
||||
|
@ -56,7 +48,7 @@ do
|
|||
then
|
||||
[ "$file_is" = 'directory' ] && rep=x || rep=-
|
||||
|
||||
acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
|
||||
acl="$( echo "$acl" | sed "s/\\(.*\\)X/\\1$rep/" )"
|
||||
fi
|
||||
|
||||
echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
|
||||
|
@ -72,7 +64,7 @@ setfacl_exec='setfacl'
|
|||
|
||||
if [ -f "$__object/parameter/recursive" ]
|
||||
then
|
||||
if echo "$os" | grep -Eq 'macosx|freebsd'
|
||||
if echo "$os" | grep -Fq 'freebsd'
|
||||
then
|
||||
echo "$os setfacl do not support recursive operations" >&2
|
||||
else
|
||||
|
@ -82,13 +74,6 @@ fi
|
|||
|
||||
if [ -f "$__object/parameter/remove" ]
|
||||
then
|
||||
if echo "$os" | grep -Fq 'solaris'
|
||||
then
|
||||
# Solaris setfacl behaves differently.
|
||||
# We will not support Solaris for now, because no way to test it.
|
||||
# But adding support should be easy (use -s instead of -m on modify).
|
||||
echo "$os setfacl do not support -x flag for ACL remove" >&2
|
||||
else
|
||||
echo "$acl_is" | while read -r acl
|
||||
do
|
||||
# Skip wanted ACL entries which already exist
|
||||
|
@ -99,7 +84,7 @@ then
|
|||
then continue
|
||||
fi
|
||||
|
||||
if echo "$os" | grep -Eq 'macosx|freebsd'
|
||||
if echo "$os" | grep -Fq 'freebsd'
|
||||
then
|
||||
remove="$acl"
|
||||
else
|
||||
|
@ -109,14 +94,13 @@ then
|
|||
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
|
||||
echo "removed '$remove'" >> "$__messages_out"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
for acl in $acl_should
|
||||
do
|
||||
if ! echo "$acl_is" | grep -Eq "^$acl"
|
||||
then
|
||||
if echo "$os" | grep -Eq 'macosx|freebsd' \
|
||||
if echo "$os" | grep -Fq 'freebsd' \
|
||||
&& echo "$acl" | grep -Eq '^default:'
|
||||
then
|
||||
echo "setting default ACL in $os is currently not supported. sorry :(" >&2
|
||||
|
|
|
@ -10,11 +10,7 @@ DESCRIPTION
|
|||
-----------
|
||||
ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
|
||||
|
||||
Fully supported on Linux (tested on Debian and CentOS).
|
||||
|
||||
Partial support for FreeBSD, OSX and Solaris.
|
||||
|
||||
OpenBSD and NetBSD support is not possible.
|
||||
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
|
||||
|
||||
See ``setfacl`` and ``acl`` manpages for more details.
|
||||
|
||||
|
|
Loading…
Reference in a new issue